CVE-2020-5910 Information

Description

In versions 3.0.0-3.5.0 2.0.0-2.9.0 and 1.0.1 the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication so any successful connection would be authorized.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://support.f5.com/csp/article/K59209532

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.5